Andrew Walls, research vice president for security, risk and privacy at analyst firm Gartner, estimated the security awareness training market at more than $1 billion in late 2014.Another Gartner analyst, Perry Carpenter, covers an important slice of that market - security awareness CBT (computer based training) - which he estimated at $240 million for 2016. That figure only accounts for the companies that Gartner covers in its popular Magic Quadrant.A new report from Cybersecurity Ventures states that training employees how to recognize and defend against cyber attacks is the most underspent sector of the cybersecurity industry - a sector that can be worth $10 billion by 2027. \u00a0(Disclaimer: Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures)Security awareness training done right can provide an excellent ROI for large enterprises. \u201cTraining employees on security will immediately bolster the cyber defenses at most companies,\u201d says Lawrence Pingree, a research director at Gartner, because most data breaches are based on \u201cexploiting common user knowledge gaps to social engineer them to install malware or give away their credentials."Pingree's assertion rings true at one banking giant. \u201cBuilding a strong cyber culture requires an investment of time and resources," says Rich Baich, CISO at Wells Fargo. "Periodic updates and enhancements to existing cyber hygiene practices can drive more awareness resulting in a more educated workforce dedicated to healthy cyber practices.""Through the use of various security awareness techniques we've seen a decrease in susceptibility of phishing throughout the workforce by over 40 percent," adds Baich. "Those organizations that embrace the commitment to build a strong security awareness program will be positioned to reap the benefits of a cyber culture that will positively differentiate their organization in the industry.\u201dUnfortunately employees tend to be the weakest link in an organization.Robert Herjavec, founder and CEO at Herjavec Group\u201cUnfortunately employees tend to be the weakest link in an organization,\u201d says Robert Herjavec, founder and CEO at Herjavec Group, who agrees with Pingree and Baich. \u201cHuman error is inevitable. But it\u2019s each company\u2019s responsibility to train their team \u2013 all of their teams, and not just security personnel \u2013 to know what to look for. How do you identify a phishing scheme? What do you need to consider before you open an attachment? Why should you never email your passwords or give them to someone who is cold calling you saying they are from Internal IT? It seems simple, but these basic errors can be catastrophic for an enterprise.\u201dTraining the world's employees on how to detect and\u00a0respond to spear phishing and other hacks aimed at users will cost billions of dollars. But it may be the world's best ROI in the war against cybercrime - which is predicted to cost organizations $6 trillion annually by 2021.